<?php
mysql_connect("localhost", "swapgeek_com", "vQGezxtSsql") or die(mysql_error());
mysql_select_db("swapgeek_com") or die(mysql_error());

function fix_magic_quotes() {
	if (!get_magic_quotes_gpc()) return;

	foreach ($_GET as &$value) {
		$value = stripslashes($value);
	}
	foreach ($_POST as &$value) {
		$value = stripslashes($value);
	}
}

fix_magic_quotes();

//phpinfo();
//die();


//if (!isset($_GET["data"])) die("No data");

// will decrypt the data sent from the client
// the data is escaped and ready to be inserted into the database directly
function parse($d) {
	$ret = array();
	$parts = explode(" ", $d, 2);

	if ($parts[0] == "get") {
		$ret["action"] = "get";
		if (count($parts) == 1) {
			// whole list
		} elseif (count($parts) == 2) {
			// special name
			$ret["server_name"] = mysql_real_escape_string($parts[1]);
		}

		return $ret;
	} elseif ($parts[0] == "add") {
		$adds = explode(" ", $parts[1], 4);
		$ret["action"] = "add";

		$ret["max_players"] = intval($adds[0]);
		$ret["public_server"] = ($adds[1] == "public" ? 1 : 0);
		$ret["local_address"] = mysql_real_escape_string($adds[2]);
		$ret["server_name"] = mysql_real_escape_string($adds[3]);
		$ret["global_address"] = $_SERVER["REMOTE_ADDR"];

		return $ret;
	} elseif ($parts[0] == "update") {
		if (count($parts) == 2) {
			$id = intval($parts[1]);

			$ret["action"] = "update";
			$ret["id"] = $id;

			return $ret;
		} else {
			$ret["action"] = "update";
			$ret["global_address"] = $_SERVER["REMOTE_ADDR"];

			return $ret;
		}
	} elseif ($parts[0] == "setactive") {
		if (count($parts) == 2) {
			$id = intval($parts[1]);

			$ret["action"] = "setactive";
			$ret["id"] = $id;

			return $ret;
		} else {
			$ret["action"] = "setactive";
			$ret["global_address"] = $_SERVER["REMOTE_ADDR"];

			return $ret;
		}
	} elseif ($parts[0] == "setinactive") {
		if (count($parts) == 2) {
			$id = intval($parts[1]);

			$ret["action"] = "setinactive";
			$ret["id"] = $id;

			return $ret;
		} else {
			$ret["action"] = "setinactive";
			$ret["global_address"] = $_SERVER["REMOTE_ADDR"];

			return $ret;
		}
	} elseif ($parts[0] == "remove") {
		if (count($parts) == 2) {
			$id = intval($parts[1]);

			$ret["action"] = "remove";
			$ret["id"] = $id;

			return $ret;
		} else {
			$ret["action"] = "remove";
			$ret["global_address"] = $_SERVER["REMOTE_ADDR"];

			return $ret;
		}
	} elseif ($parts[0] == "score") {
		$p = explode(" ", $parts[1], 4);
		if (count($p) == 4) {
			$ret["action"] = "score";
			$ret["score"] = intval($p[0]);
			$ret["level"] = intval($p[1]);
			$ret["time"] = intval($p[2]);
			
			$names = explode("\\", $p[3], 2);
			$ret["gamename"] = mysql_real_escape_string($names[0]);
			$ret["players"] = mysql_real_escape_string($names[1]);

			return $ret;
		}
	}
	return false;
}

if (isset($_GET["data"])) {
	$data = parse($_GET["data"]);
} else {
	$data = parse(file_get_contents("php://input"));//$_GET["data"]);
}

if ($data === false) die("Invalid data");

//print_r($data);

if ($data["action"] == "add") {
	$sql = "INSERT INTO multitris
		(server_name, max_players, global_address, local_address, public_server, last_refresh)
		VALUES
		('$data[server_name]', '$data[max_players]', '$data[global_address]', '$data[local_address]', $data[public_server], NOW())";
	mysql_query($sql) or die(mysql_error());
	echo $sql;
	$id = mysql_insert_id();

	echo "added ".$id;

} elseif ($data["action"] == "get") {
	if (isset($data["server_name"])) {
		$name = "AND server_name LIKE '$data[server_name]' ";
	} else {
		$name = "AND public_server = 1";
	}
	$sql = "SELECT * FROM multitris
		WHERE DATE_ADD(last_refresh, INTERVAL 30 SECOND) >= NOW()
		AND dead = 0
		$name";
	$res = mysql_query($sql) or die("Error: ".mysql_error());
	$servers = "";
	$num = 0;
	while ($r = mysql_fetch_assoc($res)) {
		$active = ($r["active"] ? "1" : "0");
		$servers .= "$r[global_address] $r[local_address] $active $r[server_name]\n";
		$num++;
	}
	$servers = "list ".$num."\n".$servers;
	
	echo $servers;

} elseif ($data["action"] == "update") {
	if (isset($data["id"])) {
		$sql = "UPDATE multitris SET last_refresh = NOW() WHERE id = $data[id]";
	} else {
		$sql = "UPDATE multitris SET last_refresh = NOW() WHERE global_address = '$data[global_address]' ORDER BY id DESC LIMIT 1";
	}
	mysql_query($sql) or die(mysql_error());
} elseif ($data["action"] == "setactive") {
	if (isset($data["id"])) {
		$sql = "UPDATE multitris SET active = 1 WHERE id = $data[id]";
	} else {
		$sql = "UPDATE multitris SET active = 1 WHERE global_address = '$data[global_address]' ORDER BY id DESC LIMIT 1";
	}
	mysql_query($sql) or die(mysql_error());
} elseif ($data["action"] == "setinactive") {
	if (isset($data["id"])) {
		$sql = "UPDATE multitris SET active = 0 WHERE id = $data[id]";
	} else {
		$sql = "UPDATE multitris SET active = 0 WHERE global_address = '$data[global_address]' ORDER BY id DESC LIMIT 1";
	}
	mysql_query($sql) or die(mysql_error());
} elseif ($data["action"] == "remove") {
	if (isset($data["id"])) {
		$sql = "UPDATE multitris SET dead = 1 WHERE id = $data[id]";
	} else {
		$sql = "UPDATE multitris SET dead = 1 WHERE global_address = '$data[global_address]' ORDER BY id DESC LIMIT 1";
	}
	mysql_query($sql) or die(mysql_error());
} elseif ($data["action"] == "score") {
	$num_players = count(explode("\\", $data["players"]));
	$sql = "INSERT INTO multitris_highscore (score, level, time, gamename, players, date, num_players) VALUES ($data[score], $data[level], $data[time], '$data[gamename]', '$data[players]', ".time().", $num_players)";

	mysql_query($sql) or die(mysql_error());
}

?>